Vulnerability assessment is the process of identifying, ranking, and classifying the vulnerabilities in a network or an application. It provides an organization with an understanding of their assets and the risks they face. When using Metasploit, vulnerability scanning can be done using separate auxiliary modules or using the available plugins. The Metasploit Framework also allows us to add our own custom plugin if we have our own vulnerability scanner (in-house).
WMAP is a Metasploit plugin that gives users the freedom to perform vulnerability scanning on a target with respect to the Metasploit modules used in the scan. One of the best features of this plugin is the ability to use as many Metasploit modules (including custom modules) for a vulnerability scan as required by the tester. The tester can create multiple profiles to fit different scenarios.
In this chapter, we will be learning about the following topics:
- Understanding WMAP
- The WMAP scanning process
- WMAP module execution order
- Adding modules to WMAP
- Clustered scanning using WMAP